Dumpster Diving

When we first began this column, I regaled you with promises
of wondrous tools included in Windows, Windows NT, and
the Resource Kits. Youll also recall that I mentioned
that third-party utilities and shareware tools abound
with many being quite good. While I had intended to keep
the focus on the Microsoft tools, every so often a third-party
tool comes along that really bears mentioning.

Such is the case with SomarSoft, Inc.s DumpACL.
This baby is indispensable for managing users, groups,
directory permissionsyou name it. It doesnt
actually let you change any settings, but it does allow
you to dump NT information that can then be
used to look for security holes, overlapping permissions,
whatever. Want to know the best part? Its free!
OK, I know that some of you are hesitant to use freeware
utilities, but since this one doesnt have change
capability (you can look at data), you should be safe.
Besides, if it makes you feel any better, SomarSoft used
to charge for it.

Figure 1 shows the interface with the Report menu open.
This jewel is the heart of the system. From here you select
which type of report you want to run. There are six different
types: Permissions, Users, Groups, Policies, Rights, and
Services. Somewhere in there is a report that youre
going to need. Probably the most versatile is Permissions.

Figure 1.The Report tab
of DumpACL's main interface is the heart of the system,
showing all the available reports you can run.

The first step in using this report is to configure the
report options. These are:

Show Owner

Show Permissions

Show Audit Settings

You can also filter the report down (very useful when
dealing with a lot of information) in several ways. You
can show only directories and files whose permissions
differ from the parent (exception dirs and files), only
directories that differ (exception dirs, no files), all
directories with files that differ (all dirs, exception
files), all directories but no files (all dirs, no files),
or everything (all dirs, all files). Once youve
set your preferences, you can dump the file permissions.
Also in the Permissions section are Registry, Printers,
and Shares.

Next we have Users and Groups, both of which can be dumped
as either a column or a table (Permissions are only dumped
as a table). All this does is change the way it looks,
so choose the way you like best. Policies and Rights have
no options and are dumped as a column and a table, respectively.
The Services report allows you to select either Win32
services or kernel drivers (or both) and services that
are either running or not running (or both)dumped
as a table.

Once you have the report, you can choose how to save
it. DumpACL has a native file format with a .DCL extension.
You can also choose from comma-delimited, tab-delimited,
fixed-width columns, or Unicode fixed-width columnsit
all depends on what youre going to do with the data
later. I prefer comma delimiting because its easy
to import into Excel for refinement (read:
prettying-up). You can also use DumpACL to
print the reports. It lets you perform basic page layout
and even select from different fonts.

What the Heck Do You Do with It?

I mentioned that this is a great tool for tracking down
problems. But its also great for documentation.
Heres a thought run a report of each type,
make them look good in Excel, then put them in a binder
and keep them with the server. Show them to your boss.
He or she will be so impressed with your organizational
skills that youll be promoted to project manager!
Seriously!

Any Problems?

Well, it only runs on NT. Most of the Microsoft administrative
utilities have versions that you can run on Win 9x, but
this one wont. So if you use a Win 9x machine for
your network admin duties sorry. Hey! Youve
been just looking for a reason to upgrade anyway, admit
it. Also, it doesnt do much in the way of printing
attractive reports. But you can easily import these reports
into something that can, so its really a non-issue.

DumpACL can make your administrative life a lot easier.
Like the man said It may be free, but it aint
cheap!

About the Author

Chris Brooke, MCSE, is a contributing editor for Redmond magazine and director of enterprise technology for ComponentSource. He specializes in development, integration services and network/Internet administration. Send questions or your favorite scripts to chrisb@componentsource.com.